I have a popular drawing tablet that I connect to my PC with USB. Once connected, the tablet detects hand movements and manipulates the pointer accordingly. Somewhere, the tablet is transmitting this data to my computer.
My goal is to intercept these transmissions and manipulate the mouse after I process the data. The buzzwords I have found are: device drivers and HID, but I haven't been able to piece together much more than that.
Assuming this is possible, I have a few questions:
How is this done if the data format is known?
How is this done if the data format is unknown/proprietary?
My computer is running Ubuntu (but answers related to any form of a Linux OS are greatly appreciated!).
Note: This question is similar but intended for Windows.
Actually you missed a buzzword "USB sniffing". ;-)
Here are a few tutorials on USB sniffing on Linux, to get you started.
Official Wireshark wiki for USB monitoring
biot.com/blog/usb-sniffing-on-linux (InternetArchive)
tjworld.net/wiki/Linux/Ubuntu/USBmonitoring
Essentially you use the usbmon Linux kernel module to capture the USB-packets and Wireshark as a front-end to display and analyse the captured USB stream.
To add another useful resource: Kernel manual for usbmon
You can use the following commands on Debian Linux to view debug log for usbmon in text format using usbmon Kernel's built in usb monitoring:
$sudo -i to use root
#modprobe usbmon
#ls /sys/kernel/debug/usb/usbmon to view bus sockets
#cat /sys/kernel/debug/usb/devices to view devices at each bus socket
#cat /sys/kernel/debug/usb/usbmon/<bus socket> to view or you can route stdout to a file using >
Related
I have a embedded device that runs linux 2.6.37.
I want my application to know when the USB is connected.
Currently I can achieve this by pooling
/sys/devices/platform/musb/musb-hdrc.0/vbus.
However this approach does not distinguish between a USB charger or a USB host.
I found this udev approach but I don't think it's available in my version of the kernel. because I did not find any USB related nodes in my /dev. This discussing also shows that it might not be feasible, ether.
I also found linux hotplug and tried the netlink example, but I didn't see any output running the example when I connect/disconnect the USB cable.
What I want to do is to detect connection type on the device, when USB is connected, and prepare (unmount file system) and switch to g_file_storage if device is connected to a host, and do nothing if device is connect to a charger.
How shall I achieve this?
To achieve that, you can use the inotify(7) feature, available in all linux kernels to be awaken as soon as some device node gets created in /sys.
To know what type of device you have, you have to read the usb info from proper usb ioctl call (or if you are not a kernel interface expert, using the libusb interface) to get the device vendor, device id and device class fields coming from the device. Normally, the hotplug software gets informed on these clase of events (via a special socket). The most probably reason you don't get the device properly initialized is some misconfiguration in the config files for udev system, which normally has one entry for each possible device vendor/device id pair and allows it to load the appropiate device driver to control it. The process continues with the device driver module creating dynamically the actual devices, and they'll appear in the /dev/ filesystem as a consequence of some other kernel event to udevd.
Read apropiate documents in <linux_src>/Documentation (this directory directory belongs to the linux kernel source code, so you'll probably need to install it), and udevd(8) man pages to be able to add a new usb.
On 2.6.37 kernel, this could be done by polling
/sys/devices/platform/musb-omap2430.0/musb-hdrc.0/mode
If handshake with host is successful then it will read as "peripheral", if fail it'll be "idle".
I have a USB to RS232 adapter which I'm currently using to communicate with a legacy device. I want to analyze the data going to and from the legacy device from my Ubuntu machine over USB. The adapter is getting detected automatically without installing any driver as shown in lsusb output below:
Bus 006 Device 002: ID 0403:6001 Future Technology Devices International, Ltd FT232 USB-Serial (UART) IC
I tried using the USB packet capture in Wireshark, but it shows a bunch of URB_CONTROL, URB_BULK packets which is not showing anything meaningful. So if there are any better utilities available which can capture the USB2Serial data for a Linux system, please let me know. TIA!
After trying various methods, I finally got what I needed using strace. The following command helped me capture all the termios settings for the serial port and also all the IOCTL calls after doing some greps on the file handle of the serial port:
sudo strace -p <pid> -t -v -o dump.txt
This will dump all the system calls that your application makes on Linux into the file dump.txt.
I am on debian and:
I have a USB controller hooked up to a USB port on my PC (Device 1).
I have a male to male USB cord hooked up to another port on the PC that connects to Device 2. (it is a "bridging" usb cord, and has the chip for it)
I want to make them connect to each other as if they were one cord, so neither device knows that there is a computer in the middle.
This would be called a 'Coupler', except that I am using a PC as a coupler.
Here is a (really bad) diagram I made:
What I have done:
I have been able to connect the two devices independently of each other and sniff the results for when they fail to connect. The devices don't send a large volume of data back and forth.
Maybe there is some kind of command tool that I could use, for example (psudocode):
$ couple-usb-ports PORT1 PORT2
You're trying to reinvent the wheel here.
You might consider looking at this link instead.
http://dan3lmi.blogspot.com/2012/10/sniffing-usb-traffic-different.html
Specifically this.
Windows: You cannot directly capture raw USB traffic on Windows with Wireshark/WinPcap, but it is possible to capture and debug USB traffic on a virtual Windows machine under Oracle Virtual Box.
You cannot use a simple PC as transparent USB sniffer without extra (expensive) hardware. An USB bus has always one host (and one or more devices), and the PC can only be the host. This is a hardware limitation.
But you can capture USB data in a Windows machine using Wireshark and USBPcap, eliminating the need for the middle box in most cases.
As this post is tagged Linux, I suppose the controller PC is a Linux machine. Instead of connecting USB ports with a male-male connector, which is all kinds of bad (you are connecting the 5V lines of both machine with each other!), just run Wireshark in the controller PC.
There might be a little work to be done previously, as you have to enable Wireshark for USB monitoring (Particularly in Debian, this is disabled by default), and you might have to install a small driver to enable the monitoring. Have a look at this page for more information.
Once you get it working, Wireshark is an excellent tool for this!
I'd like to redirect traffic from and to USB devices in an application.
Particularly I want to talk to USB dongles.
So for example if a dongle is connected on a USB port, is it possible to get the traffic that is intended to be written to this device? On the other hand, can you simply write data in the same manner?
I don't have any experience so I'd appreciate to get some directions.
BTW, this is not intended to be used in anything illegal ;-)
With "USB dongles" you mean: Software license dongles?
First of all you should know that USB is not a stream of data such as RS232 but a very complex bus transferring a lot of different control and data messages.
On Linux you can use Wireshark to monitor the data on the USB bus. There are similar tools for Windows (up to Windows XP only) but the Windows version of Wireshark does only support Ethernet and not USB. Windows 7 has a built-in command line tool that does the same job.
If you really want to redirect data you might use something like "usbip" that allows sharing USB ports over network. You may simulate an USB dongle device by programming a server that simulates the dongle... However doing this is very tricky and requires a lot of programming experience!
I have two legacy machines connected to a Linux box with USB using the ftdi_sio driver, to /dev/ttyUSB0 and /dev/ttyUSB1. The Linux box is relaying and analyzing the traffic between the machines. When the Linux box boots up, the machines are connected to the files pretty much randomly. The problem is to know which one is which.
I could just ask the devices, of course, but I'd like to avoid the risk of malfunction due to sending wrong data to the wrong device. Is there a way to figure out, for example, the id of the device connected to a tty file?
Check this Using Linux USB page.
/proc/bus/usb/devices lists information about the devices currently attached to the USB bus. This is very useful when trying to figure out if the device is correctly enumerated.
Maybe you can use the output from lsusb -v and look at iProduct + iSerial to determine the order the devices are attached.